Area 1 Security
App Vendor: Area 1 Security
App Category: Email Gateway
Connector Version: 1.2.0
API Version: 6.10.1
About App
Area 1 Security is the premier cybersecurity company that provides email security solutions and protects cloud-based messaging from cyberattacks.
The Area 1 Security app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Fetch Blocklists | This action returns the various blocklist items. |
Create Blocklist Item | This action creates a new blocklist item. |
Remove Blocklist Item | This action deletes a blocklisted item with the help of its unique ID. |
Fetch Configured Domain | This action returns the various blocklist items. |
Create Domain Item | This action creates a new domain item. |
Remove Domain Item | This action deletes a domain item using a unique ID. |
Get Allow List | This action retrieves an allowed list. |
Search Detections | This action performs a search operation on detections. |
Search Mailtrace | This action performs a search operation on emails. |
Create New Allowlist Item | This action creates an allow list item. |
Remove Allowlist Item | This action deletes an allow list item. |
Generic Action | This is a generic action to perform any additional use case that you want on the Area 1 Security application. |
Download Email | This action retrieves the content of an email from the detection message sent from the Area 1 Security app. |
Configuration Parameters
The following configuration parameters are required for the Area 1 Security app to communicate with the Area 1 Security enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Username | Enter the username. | Text | Required | |
Password | Enter the password. | Password | Required | |
Action: Fetch Blocklists
This action returns the various blocklist items.
Action Input Parameters
This action does not require any input parameters.
Action: Create Blocklist Item
This action is used to create a new blocklist item.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Pattern | Enter a pattern as an email or a regular expression. Example: "sample@sampleemail.com" | Text | Required | |
Comments | Enter an optional comment associated with the pattern. | Text | Optional | |
Example Request
[ { "pattern": "sample@sampleemail.com" } ]
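Because the Pattern field accepts either an address or a regular expression, a pre-flight check before calling Create Blocklist Item can catch patterns that do not compile or that would also match senders you rely on. The following is an added example, not part of the connector or its documentation; the function name and the known-good sender list are constructed for illustration, and it assumes Python's `re` module approximates the product's regex dialect.

```python
import re

# Constructed sample of senders that must never be blocked (not from the page).
KNOWN_GOOD = [
    "billing@partner.example",
    "alerts@monitoring.example",
    "ceo@corp.example",
]

# Conservative "plain address" shape; anything else is handled as a regex.
EMAIL_LITERAL = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def preflight_blocklist_pattern(pattern, known_good=KNOWN_GOOD):
    """Return (ok, reason, payload) for a candidate blocklist pattern."""
    pattern = pattern.strip()
    if not pattern:
        return False, "empty pattern", None
    if EMAIL_LITERAL.fullmatch(pattern):
        # Literal address: compare exactly, ignoring case.
        hits = [a for a in known_good if a.lower() == pattern.lower()]
    else:
        try:
            # Assumption: Python's re approximates the product's regex dialect.
            rx = re.compile(pattern, re.IGNORECASE)
        except re.error as exc:
            return False, f"invalid regex: {exc}", None
        if rx.search(""):
            # A pattern that matches "" matches every sender.
            return False, "pattern matches the empty string", None
        hits = [a for a in known_good if rx.search(a)]
    if hits:
        return False, "would block known-good senders: " + ", ".join(hits), None
    # Same shape as the Example Request for this action.
    return True, "ok", [{"pattern": pattern}]
```

Only a payload returned with `ok` set to true should be passed on to the action; a rejected pattern carries the reason an analyst needs to narrow it.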
Action Response Parameters
Parameter | Type | Description |
---|---|---|
proxy_port | Number | The proxy port number. Example: -1 |
require_tls_inbound | Boolean | Indicates if TLS is required for inbound communication. Example: false |
comments | String | A comment or note associated with the entry, if available. |
require_tls | Boolean | Indicates if TLS is required. Example: false |
is_primary | Boolean | Indicates if this is the primary entry. Example: false |
drop_dispositions | String | A set of conditions under which emails should be dropped. Example: "{MALICIOUS,MALICIOUS-BEC,SPAM}" |
created_at | String | Creation date of the entry in RFC 2822 format. Example: "Fri, 25 Feb 2022 20:59:18 GMT" |
transport | String | The transport mechanism used, if specified. |
deleted_at | String | Date of deletion in RFC 2822 format or "Thu, 01 Jan 1970 00:00:00 GMT" if not deleted. Example: "Thu, 01 Jan 1970 00:00:00 GMT" |
reject_type | String | Type of rejection mechanism used. Example: "HARD" |
require_tls_outbound | Boolean | Indicates if TLS is required for outbound communication. Example: false |
dmarc_enforcement | String | DMARC enforcement level. Example: "PROMOTE" |
domain | String | The domain associated with the settings. Example: "example.com" |
id | Number | A unique identifier for the domain settings. Example: 1576 |
lookback_hops | Number | The number of hops to look back for inspection. Example: 1 |
customer_id | String | A unique identifier for the customer associated with the entry. Example: "1b8183fa-15cd-471b-90bb-68fffb575d6f" |
o365_tenant_id | | The Microsoft Office 365 tenant ID, if applicable. |
dmarc_report_enabled | Boolean | Indicates if DMARC reporting is enabled. Example: true |
last_modified | String | Date of the last modification in RFC 2822 format. Example: "Fri, 25 Feb 2022 20:59:18 GMT" |
Action: Remove Blocklist Item
This action deletes a blocklisted item with the help of its unique ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Blocklist Item ID | Enter the unique ID associated with the blocklisted item. Example: "85546" | Text | Required | This is retrieved using the Create Blocklist Item action. |
Example Request
[ { "blocklist_item_id": "87133" } ]
Action: Fetch Configured Domain
This action returns the various blocklist items.
Action Input Parameters
No input parameters are required for this action.
Action: Create Domain Item
This action creates a new domain item.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Domain | Enter a domain. Example: "google.com" | Text | Required | |
Example Request
[ { "domain": "google.com" } ]
Action: Remove Domain Item
This action deletes a domain item using a unique ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Domain item ID | Enter the unique ID associated with the domain item. Example: "6525" | Text | Required | This is retrieved using the Create Domain Item action. |
Example Request
[ { "domain_item_id": "6584" } ]
Action: Get Allow List
This action retrieves an allow list.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Allow List Type ID | Enter an allow list type ID. If the specified list type is present, then the subsets of the allowed list are returned. Example: "trustedsenders" | Text | Required | Allowed values:
|
Example Request
[ { "allow_list_type":"trustedsenders" } ]
Action: Search Detections
This action performs a search operation on detections.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Query | Enter a query term to search in detections. Example: "Phishing" | Text | Required | |
Days Back | Enter the number of past days to retrieve results from. Example: 10 | Integer | Optional | Default value: 7. Maximum allowed value: 365. |
Limit | Enter the maximum number of results to retrieve. Example: 50 | Integer | Optional | Default value: 100. Maximum allowed value: 1000. |
Example Request
[ { "limit": 50, "query": "Phishing" } ]
Action: Search Mailtrace
This action performs a search operation on emails.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Alert ID | Enter an alert ID. Example: "960f6a58-0abc-40e7-a676-b808a6f37b06" | Text | Optional | |
Email From | Enter the email ID of the sender. Example: "robert.doe@sample.com" | Text | Optional | |
Message ID | Enter the message ID of the email. Example: "960f6a58-0abc-40e7-a676-b808a6f37b06" | Text | Optional | |
Subject | Enter the subject of the email. Example: "Phishing Incident" | Text | Optional | |
Sent To | Enter the email ID of the recipient. Example: "john.doe@sample.com" | Text | Optional | |
Start Time | Enter the start time range to retrieve emails. Only the emails received after the specified timestamp are returned. Example: "2018-04-24T12:34:56" | Text | Optional | Allowed formats for timestamp:
|
End Time | Enter the end time range to retrieve emails. Only the emails received before the specified timestamp are returned. Example: "2018-04-26T12:34:56" | Text | Optional | Allowed formats for timestamp:
|
Limit | Enter the maximum number of results to retrieve. Example: 50 | Integer | Optional | Default value: 100. Maximum allowed value: 1000. |
Example Request
[ { "alert_id":"960f6a58-0abc-40e7-a676-b808a6f37b06", "limit":50 } ]